From: Ivan Kohler
Date: Tue, 30 Jun 2015 01:59:37 +0000 (-0700)
Subject: xss
X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=commitdiff_plain;h=344f30c6902376570437b322d4f57fbd1880a7fd
xss
---
diff --git a/httemplate/browse/cust_attachment.html b/httemplate/browse/cust_attachment.html
index 9d62e5609..f81ec1b6b 100755
--- a/httemplate/browse/cust_attachment.html
+++ b/httemplate/browse/cust_attachment.html
@@ -101,7 +101,7 @@ my $orderby = $cgi->param('orderby') || 'custnum';
 my $sub_cust = sub {
 my $c = qsearchs('cust_main', { custnum => shift->custnum } );
- return $c ? $c->name : '(not found)';
+ return $c ? encode_entities($c->name) : '(not found)';
 };
 my $sub_date = sub {
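Review bot: The new `return` in `$sub_cust` escapes the customer name, but nothing in the code or the one-word commit message records why, so a later edit could drop `encode_entities` or add a sibling callback without it. A comment above the `return` would pin the intent, for example `# customer name is user-supplied and this column is presumably emitted as raw HTML; escape it here`. Only this one callback is visible in the hunk, so it is worth checking that the other field callbacks in this file that return user-supplied strings are escaped the same way. The change also assumes `encode_entities` is already in scope for this template, since no import appears in the hunk.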